#include "ntddk.h"
NTKERNELAPI
NTSTATUS
ObReferenceObjectByName(
IN PUNICODE_STRING ObjectName,
IN ULONG Attributes,
IN PACCESS_STATE PassedAccessState OPTIONAL,
IN ACCESS_MASK DesiredAccess OPTIONAL,
IN POBJECT_TYPE ObjectType,
IN KPROCESSOR_MODE AccessMode,
IN OUT PVOID ParseContext OPTIONAL,
OUT PVOID *Object
);
extern POBJECT_TYPE *IoDriverObjectType;
//global
PDRIVER_OBJECT g_FilterDriverObject;
PDRIVER_DISPATCH gfn_OrigReadCompleteRoutine;
NTSTATUS FilterReadCompleteRoutine(
__in struct _DEVICE_OBJECT *DeviceObject,
__inout struct _IRP *Irp
)
{
KdPrint(("IRP_MJ_DEVICE_CONTROL."));
return gfn_OrigReadCompleteRoutine(DeviceObject,Irp);
}
VOID UnFilterDriverRoutine()
{
if (MmIsAddressValid(gfn_OrigReadCompleteRoutine))
{
g_FilterDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = gfn_OrigReadCompleteRoutine;
}
}
NTSTATUS FilterDriverQuery()
{
NTSTATUS Status;
UNICODE_STRING usObjectName;
RtlInitUnicodeString(&usObjectName,L"\\Driver\\Xuetr");
Status = ObReferenceObjectByName(
&usObjectName,
OBJ_CASE_INSENSITIVE,
NULL,
0,
*IoDriverObjectType,
KernelMode,
NULL,
(PVOID*)&g_FilterDriverObject
);
if(!NT_SUCCESS(Status))
{
KdPrint (("ObReferenceObjectByName failed"));
return Status;
}
KdPrint (("0x%X",g_FilterDriverObject));
gfn_OrigReadCompleteRoutine = g_FilterDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL];
g_FilterDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = (PDRIVER_DISPATCH)FilterReadCompleteRoutine;
ObDereferenceObject(g_FilterDriverObject);
return STATUS_SUCCESS;
}
VOID MyDriverUnLoad(PDRIVER_OBJECT pDriverObject)
{
UNICODE_STRING usSymName;
RtlInitUnicodeString(&usSymName,L"\\??\\FirstDevice");
if(pDriverObject->DeviceObject!=NULL)
{
IoDeleteSymbolicLink(&usSymName);
IoDeleteDevice(pDriverObject->DeviceObject);
KdPrint(("delete device success"));
}
UnFilterDriverRoutine();
}
NTSTATUS CreateDevice(PDRIVER_OBJECT pDriverObject)
{
NTSTATUS Status;
PDEVICE_OBJECT pDevObj;
UNICODE_STRING usDevName;//type error bluescreen
UNICODE_STRING usSymName;
RtlInitUnicodeString(&usDevName,L"\\Device\\FirstDevice");
Status = IoCreateDevice(pDriverObject,0,&usDevName,FILE_DEVICE_UNKNOWN,0,TRUE,&pDevObj);
if(!NT_SUCCESS(Status))
{
return Status;
}
pDevObj->Flags |= DO_BUFFERED_IO;
RtlInitUnicodeString(&usSymName,L"\\??\\FirstDevice");
Status = IoCreateSymbolicLink(&usSymName,&usDevName);
if(!NT_SUCCESS(Status))
{
IoDeleteDevice(pDevObj);
return Status;
}
return STATUS_SUCCESS;
}
NTSTATUS CreateCompleteRoutine(PDEVICE_OBJECT pDeviceObject,PIRP pIrp)
{
NTSTATUS Status;
Status = STATUS_SUCCESS;
KdPrint(("create routine"));
pIrp->IoStatus.Status = Status;
pIrp->IoStatus.Information = 0;
IoCompleteRequest(pIrp,IO_NO_INCREMENT);
return Status;
}
NTSTATUS CloseCompleteRoutine(PDEVICE_OBJECT pDeviceObject,PIRP pIrp)
{
NTSTATUS Status;
Status = STATUS_SUCCESS;
KdPrint(("close routine"));
pIrp->IoStatus.Status = Status;
pIrp->IoStatus.Information = 0;
IoCompleteRequest(pIrp,IO_NO_INCREMENT);
return Status;
}
NTSTATUS ReadCompleteRoutine(PDEVICE_OBJECT pDeviceObject,PIRP pIrp)
{
NTSTATUS Status;
Status = STATUS_SUCCESS;
KdPrint(("read routine"));
pIrp->IoStatus.Status = Status;
pIrp->IoStatus.Information = 0;
IoCompleteRequest(pIrp,IO_NO_INCREMENT);
return Status;
}
NTSTATUS WriteCompleteRoutine(PDEVICE_OBJECT pDeviceObject,PIRP pIrp)
{
NTSTATUS Status;
Status = STATUS_SUCCESS;
KdPrint(("write routine"));
pIrp->IoStatus.Status = Status;
pIrp->IoStatus.Information = 0;
IoCompleteRequest(pIrp,IO_NO_INCREMENT);
return Status;
}
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject,PUNICODE_STRING pRegistryPath)
{
NTSTATUS Status;
Status = CreateDevice(pDriverObject);
if (!NT_SUCCESS(Status))
{
KdPrint(("create device failed"));
}
else
{
KdPrint(("create device successed"));
KdPrint(("%wZ",pRegistryPath));
}
pDriverObject->MajorFunction[IRP_MJ_CREATE] = CreateCompleteRoutine;
pDriverObject->MajorFunction[IRP_MJ_CLOSE] = CloseCompleteRoutine;
pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = ReadCompleteRoutine;
pDriverObject->MajorFunction[IRP_MJ_WRITE] = WriteCompleteRoutine;
FilterDriverQuery();
pDriverObject->DriverUnload = MyDriverUnLoad;
return STATUS_SUCCESS;
}
过滤/ObReferenceObjectByName/XT
最新推荐文章于 2018-01-16 17:51:00 发布